web service, as a manner of implementing Service-Oriented Architecture (SOA), has solved issues such as interoperability, integration and communication among heterogeneous applications because of features such as openness, reusability, loose coupling, and platform independence. However, for a single web service having relatively simple functions, it is difficult to meet the demand of practical applications in a modern enterprise. In order to solve issues of collaboration and integration in internet applications, individual web services need to be combined together to achieve powerful business functions. Web Services Business Process Execution Language (WS-BPEL) is currently a standard process language proposed by the Organization for the Advancement of Structured Information Standards (OASIS) for combining web services that is widely used in web service integration. WS-BPEL specifies a series of issues such as the data that is shared among a set of web services, cooperative partners involved in a business process and roles of these partners in the business process, potential execution order of web service operations and dependencies therebetween, compensation processing, error processing and exception processing of web services, and how a plurality of organizations and services participate in the web services.
Currently, many web services provide an Application Program Interface (API) to allow a third party applications to utilize their data. When the third party application needs to access user's private data, it should be authenticated. Open Authentication (OAuth) is a popular manner of authentication and is employed by many web services. OAuth is an open standard, which enables a user to allow a third party application to access users' private resources stored on a website without providing the third party application with username and password. OAuth allows a user to provide an access token instead of username and password to access data kept at a specific service provider by the user. Each access token authorizes one particular website to access particular resources within a certain period of time, that is, an access token is only valid for a limited period of time. As such, OAuth allows users to authorize a third party application to access their particular resources stored at another service provider without sharing their access permission or all the resources. OAuth is characterized in that a third party application can not directly acquire user's password; rather, the application uses an access token authorized by user to perform access.
Since an access token is only valid for a limited period of time, the token has to be updated if the time length during which a third party application wishes to perform access exceeds this time period. In case that web services invoked in a WS-BPEL process are protected by OAuth, if the access token expires, most of current handling manners update the token by manually logging into a page provided by an OAuth service provider; however, the efficiency of such updating may be low and cannot meet the demand of business process for efficiency. Further, for a WS-BPEL process in runtime environment, once a WS-BPEL application is deployed and is running, an error will occur when invoking a web service if the access token expires. Instances of that process will then terminate since all tasks after that web service cannot be processed. That is, there is no efficient mechanism for handling errors generated by an invoked web service due to expiration of an access token.